help with an eigrp "stub" statement

This morning a client has asked me to assist them in attempting to redesign the way a redundant path to a Business Partner is working.

The client has an HQ site in Location A, and a DR site in Location B. There is a server in Location A (Primary Server) and a server in Location B (Secondary). These sites are connected together via an MPLS link.

There is a WAN connection to the Business Partner in Location A, as well as a WAN connection to the Business Partner in Location B.

The current configuration works so that both the Primary server in A as well as the Secondary server in B use the WAN connection in A to connect to the Partner. Unfortunately, in the current config, it seems that the Secondary server in B cannot connect to the Business Partner over the WAN connection to the Partner in Location B.

I am seeing on the WAN routers at the client that they are getting EIGRP updates from the client in both locations. I think that both WAN connections are T1s even though they are from AT&T (Location A) and Verizon (Location B).

The client has asked me to make recommendations for how to configure so that the Primary server in Location A will have a preference for the WAN connection to the BP in Location A, but would also be able to use the connection in Location B if the WAN in Loc. A went down.

Likewise, they want the Secondary in Location B to have a preference and be able to communicate to the BP via the WAN in Location B, but in the event that it fails, that the Secondary server in Loc. B could use the WAN in Loc. A to communicate back to the BP.

I would think that if the BP is advertising his networks to us, that EIGRP would know which one to use. Here are the EIGRP statements from Loc.A and Loc. B:

Loc. A

router eigrp 13
 network 172.27.6.128 0.0.0.15
 network 192.168.15.0
 network 206.223.104.0
 network 206.223.105.0
 neighbor 172.27.6.130 GigabitEthernet3/0/15
 distribute-list EIGRP_OUT out GigabitEthernet3/0/15
 distribute-list route-map eigrp-rm out
 distribute-list eigrp in
 no auto-summary

Loc. B

router eigrp 13
 network 172.28.6.128 0.0.0.15
 network 192.168.36.0
 network 192.168.38.0
 network 206.223.104.0
 network 206.223.105.0
 neighbor 172.28.6.130 GigabitEthernet1/0/4
 passive-interface Vlan101
 eigrp stub connected summary

The 172.27 and 172.28 networks respectively are the networks that connect my client to the BP. The destination networks at the client site are the 206.223. networks.

I am curious about the "eigrp stub connected summary" statement in Location B, and if this may be why EIGRP does not think that it should send data to the 206.223. networks via its own G1/0/4 interface to the BP.

Well, I noticed that Loc. B under the router eigrp 13 configuration, I don't see 'no auto-summary', so I'm not sure if that's on purpose or not. If it goes over discontiguous networks it's going to advertise the classful summary address. If it has the 'eigrp stub connected summary' cmd configured it's only going to advertise the connected and summary routes to all eigrp neighbors. What networks is the server on in Loc. B and is that network a connected or summary route?

The Secondary server in Loc. B is not on a directly connected network. He resides on the 172.28 network, which is behind the client's FW (actually the real network ID behind the FW is 192.168.103.0/24, which is then NAT'd to 172.28).

I see where you are going with this, and appreciate your input! Good catch!

The configs you posted, are they from HQ and DR routers? If so, why do they have multiple 206.223.x.x entries? I would have expected each router to only have one entry, i.e. the subnet of the P2P link, unless the BP is not advertising their networks to you?

Is the BP running EIGRP on their routers or not ?

As John says, we need to know the IPs of server A and server B. We also need to know -

1) the routing table entries on both HQ and DR routers for the BP networks

2) the routing table entries on the BP routers at the BP site A and B for the server addresses

The BP to the best of my knowledge IS advertising their networks to us. As for the multiple entries, I would have to ask the client if this is just an oversight. Do we need these entries at all on our AS eigrp config if I find out definitively that the BP is advertising them to us?

I am wondering if at least 1 network statement needs to be there, since the EIGRP AS talks to other "client" networks, not just the BP network. Perhaps this is done so that Primary and Secondary both have a backup route to the BP in the event of a failure of either WAN?

***This one is more interesting, as you can see that at least for the 206.223.104 net, he knows about a D EX 206.223.104.0/26 [170/858624] via 192.168.36.3 (this 36.3 is from the MPLS link, and would take it back to the HQ site to connect). He also knows about D EX 206.223.104.128/25 [170/10511872] via 172.28.6.130, 3w2d, GigabitEthernet1/0/4, which is the advertisement from the BP.

So I'm assuming 172.28.6.130 from the above is the other end of the P2P link to BP site B ?

If so, in theory if the BP connected from a 206.223.104.128 -> 254 client it should be returned via the P2P link. But if it is from a 206.223.104.1 -> 62 client it will be sent via the MPLS link.

But which link the BP uses we can't say without seeing the BP routing tables.

The general question about whether you need these networks is it depends. If the BP is using EIGRP as well then you only need the P2P link subnet in your router config (and they need it on theirs). Then they should advertise their networks from their router and you should advertise your networks from your routers.

Do you have interfaces on either HQ A or DR B routers that have a 206.223.x.x address. If so can you post what they are and what subnet mask they have.

Also, although this may be the same information as above, what is the addressing used on the T1 P2P link on both HQ and DR. From the looks of the routing output it is 172.27.6.x at HQ and 172.28.6.x at DR but if you could just confirm.

So I'm assuming 172.28.6.130 from the above is the other end of the P2P link to BP site B ?

Yes Jon that is a correct assumption.

Do you have interfaces on either HQ A or DR B routers that have a 206.223.x.x address. If so can you post what they are and what subnet mask they have.

No sir. The shared Network address space on A is the 172.27 and on B is the 172.28. The 206.223. addresses are all on their side.

Also, although this may be the same information as above, what is the addressing used on the T1 P2P link on both HQ and DR. From the looks of the routing output it is 172.27.6.x at HQ and 172.28.6.x at DR but if you could just confirm.

If you don't have any interfaces on your routers with those addresses then they are not really needed and I'm not sure why they are there. As always you need to understand why they are there before removing.

Back to the case in point.

HQ - 172.27.6.128/28 is advertised to the remote BP site A. This also covers the server 172.27.6.133. Is the P2P link addressing used out of this subnet as well ?

DR - 172.28.6.128/28 is advertised to the remote BP site B. This also covers the server 172.28.6.133. Is the P2P link addressing used of this subnet as well ?

So HQ WAN connection is used to get to the BP but are you sure the BP when replying to DR server goes down the HQ WAN connection ? I ask because the BP should get a much better advertisement for the DR server via the DR to site B P2P link.

What is not clear is what is happening at the BP end. How are their site A and B connected. How are their routers configured, not only to their respective HQ and DR routers but also between each other.

Without a full understanding of the topology it's not really possible to say why things are routing as they are.

HQ - 172.27.6.128/28 is advertised to the remote BP site A. This also covers the server 172.27.6.133. Is the P2P link addressing used out of this subnet as well ?

Yes they are. Client GW adx is 172.27.6.136 and the BP GW is 172.27.6.130.

DR - 172.28.6.128/28 is advertised to the remote BP site B. This also covers the server 172.28.6.133. Is the P2P link addressing used of this subnet as well ?

Yes. Client GW adx 172.28.6.130 and the BP GW is 172.28.6.130

So HQ WAN connection is used to get to the BP but are you sure the BP when replying to DR server goes down the HQ WAN connection ? I ask because the BP should get a much better advertisement for the DR server via the DR to site B P2P link.

Currently it is my understanding from the client that they communicate to the BP thru the AT&T link on HQ side, but return traffic from the BP comes back to us via the DR side. This is one of the items that I have to make change recommendations for.

Here are the change recommendations that I am currently considering publishing to the client. Please confirm Jon:

1. We do not need to have the 206.223 networks in our Router eigrp 13 statements. This is because "the BP" advertises these to us.

2. We may not want the EIGRP "stub" statement on the EIGRP config on the DR side.

3. We may want to add the "no auto-summ" statement on the DR side so that we ensure that "classless" BP networks are correctly advertised.

Let me know if you see anything else I should explicitly recommend to the client.

1) Yes, I can't see why these are needed and if there are no interfaces on the HQ/DR routers using these IPs then they are not being used by EIGRP either.

2) If you want to have HQ A use DR B if HQ lose their connection to the BP site A then you will need to remove the eigrp stub config because otherwise DR B will not advertise the 206.223.x.x networks to HQ A.

A word of warning here - it's always best to assume that the config is there for a reason. Removing eigrp stub may mean that other subnets are then advertised to HQ and you may find that routing for other subnets then takes different paths. I suspect this may be there because they don't want DR advertising any HQ learned routes out of any WAN links it has. Now you obviously need to advertise the HQ server subnet out of DR for failover but be careful of any other networks that may also be advertised. It's tricky to say without knowing the full setup but you may find that all of a sudden traffic starts using DR and not HQ even if HQ is up. So this does need a bit of investigation.

3) Yes you need to enable no auto-summary but again as above you need to be careful.

What you may have to do is use a route-map/distribute-list at DR under the eigrp config to only advertise out those networks you want to such as the server subnet in HQ. Sorry to be vague but you do need to be aware of the rest of the routing.

As for the BP. It looks like they are not advertising their 206.223.x.x networks as /24s but are advertising smaller subnets. So you need to see exactly what they are advertising and just as importantly how they are interconnected because in effect you are trying to emulate at their site what you want at yours ie.

HQ A = BP A and DR B --> BP B under normal circumstances but then each can use the other as failover.
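One way to apply the three points above on the DR (Loc. B) router, as an added example that is not from the thread or the client's configuration. The prefix-list name TO-BP-DR is hypothetical, and the example assumes the only prefixes the BP should learn over the DR link are the two /28 subnets quoted in the thread, with 172.27.6.128/28 reaching DR from HQ over the MPLS link.

```cisco
! Added example for the DR (Loc. B) router; not the client's actual config.
! TO-BP-DR is a hypothetical prefix-list name.
!
! Only these prefixes may be advertised to the BP over the DR link.
! Anything else, including other routes learned from HQ over MPLS,
! hits the implicit deny at the end of the prefix-list.
ip prefix-list TO-BP-DR seq 10 permit 172.28.6.128/28
ip prefix-list TO-BP-DR seq 20 permit 172.27.6.128/28
!
router eigrp 13
 ! Stop limiting advertisements to connected and summary routes, so the
 ! BP-learned 206.223.x.x prefixes can be passed on to HQ.
 no eigrp stub
 ! Advertise subnets as learned instead of classful summaries.
 no auto-summary
 ! Filter what leaves toward the BP on the P2P interface.
 distribute-list prefix TO-BP-DR out GigabitEthernet1/0/4
!
! Checks after the change:
!   On DR:  show ip protocols
!           (the outgoing filter list is attached to GigabitEthernet1/0/4)
!   On HQ:  show ip eigrp neighbors detail
!           (the DR neighbor is no longer listed as a stub peer)
!   On HQ:  show ip route 206.223.104.0 255.255.255.0 longer-prefixes
!           (which 206.223.104.x subnets are known, and via which next hop)
```

Changing the stub setting resets the EIGRP adjacencies on the router, so expect a brief reconvergence when it is applied.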

It is interesting to me that the EIGRP topology on the BP router to HQ has no feasible successors to the DR network. Is this because of the "stub" statement we discussed on the DR client router?

Also there is a static route on each of the BP routers that is telling each respective router how to get to the other networks. These static routes are being advertised into BGP and redistributed via the WAN on each side.

Here is the static data for HQ to see the DR side:

BP_router_to_HQ>sh ip route 172.28.6.133
Routing entry for 172.28.6.128/28
  Known via "static", distance 1, metric 0
  Redistributing via bgp 64589
  Advertised by bgp 64589
  Routing Descriptor Blocks:
  * 172.27.6.136
      Route metric is 0, traffic share count is 1

The static route on the BP HQ router is:

ip route 172.28.6.128 255.255.255.240 172.127.6.136

Here is the static data for DR to see the HQ side:

BP_router_to_DR>sh ip route 172.27.6.133
Routing entry for 172.27.6.128/28
  Known via "static", distance 1, metric 0
  Redistributing via bgp 5081
  Advertised by bgp 5081
  Routing Descriptor Blocks:
  * 172.28.6.136
      Route metric is 0, traffic share count is 1

The static route on the BP DR router is:

ip route 172.27.6.128 255.255.255.240 172.28.6.136

We will be working with the BP and will be able to make recommendations to them as well. I am a little surprised by the static statements. Don't those take a priority in a routing table, and do they even need to be there?
